The White House has weighed in on the Heartbleed bug and its reported exploitation by the NSA.

In a New York Times report on Saturday, senior administration officials said that President Obama has decided that when the NSA discovers major flaws in Internet security, it should reveal them to the general public to insure that they will be fixed, but not in the event of "a clear national security or law enforcement need" — a loophole that will likely allow the NSA to continue to exploit security flaws.

This news comes after anonymous sources told Bloomberg that the NSA knew about the Heartbleed bug that exposed a major vulnerability in security protocols used by many popular websites like Google and Facebook, and used it to gather intelligence for at least two years. The White House and the NSA have since denied that report.

The White House has never publicly announced what President Obama's decision in a three-month review of recommendations by a presidential advisory committee to reform the NSA in January entailed. But the nature of the White House's position on the matter has become more evident after the Heartbleed bug became a global issue and after the administration denied having any prior knowledge about the security bug on Friday.

The White House statement issued to the Times stated that when major Internet security flaws are discovered, a "bias" exists in the government that would favor sharing knowledge of the flaw with computer and software manufacturers to create a solution, fix the problem and distribute said fix. But before such a decision, the government would assess whether or not it is "a clear national security or law enforcement need" — a broad and key distinction that could be open to an assortment of interpretations.

Caitlyn Hayden, the spokeswoman for the National Security Council, said that the new "reinvigorated" process, determined from those reviews in January, will weigh the value of disclosing a discovered security flaw against keeping it secret so the intelligence community can later use it.

However, Hayden noted that the process is "biased toward responsibly disclosing such vulnerabilities" as opposed to withholding the information.

Mashable
is a global, multi-platform media and entertainment company. Powered by its own proprietary technology, Mashable is the go-to source for tech, digital culture and entertainment content for its dedicated and influential audience around the globe.